CVE-2025-4286

Summary

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release.

Affected Software

VendorProductVersion RangeStatus
IntelbrasInControl2.21.0affected
IntelbrasInControl2.21.1affected
IntelbrasInControl2.21.2affected
IntelbrasInControl2.21.3affected
IntelbrasInControl2.21.4affected
IntelbrasInControl2.21.5affected
IntelbrasInControl2.21.6affected
IntelbrasInControl2.21.7affected
IntelbrasInControl2.21.8affected
IntelbrasInControl2.21.9affected
IntelbrasInControl2.21.10affected
IntelbrasInControl2.21.11affected
IntelbrasInControl2.21.12affected
IntelbrasInControl2.21.13affected
IntelbrasInControl2.21.14affected
IntelbrasInControl2.21.15affected
IntelbrasInControl2.21.16affected
IntelbrasInControl2.21.17affected
IntelbrasInControl2.21.18affected
IntelbrasInControl2.21.19affected
IntelbrasInControl2.21.20affected
IntelbrasInControl2.21.21affected
IntelbrasInControl2.21.22affected
IntelbrasInControl2.21.23affected
IntelbrasInControl2.21.24affected
IntelbrasInControl2.21.25affected
IntelbrasInControl2.21.26affected
IntelbrasInControl2.21.27affected
IntelbrasInControl2.21.28affected
IntelbrasInControl2.21.29affected
IntelbrasInControl2.21.30affected
IntelbrasInControl2.21.31affected
IntelbrasInControl2.21.32affected
IntelbrasInControl2.21.33affected
IntelbrasInControl2.21.34affected
IntelbrasInControl2.21.35affected
IntelbrasInControl2.21.36affected
IntelbrasInControl2.21.37affected
IntelbrasInControl2.21.38affected
IntelbrasInControl2.21.39affected
IntelbrasInControl2.21.40affected
IntelbrasInControl2.21.41affected
IntelbrasInControl2.21.42affected
IntelbrasInControl2.21.43affected
IntelbrasInControl2.21.44affected
IntelbrasInControl2.21.45affected
IntelbrasInControl2.21.46affected
IntelbrasInControl2.21.47affected
IntelbrasInControl2.21.48affected
IntelbrasInControl2.21.49affected
IntelbrasInControl2.21.50affected
IntelbrasInControl2.21.51affected
IntelbrasInControl2.21.52affected
IntelbrasInControl2.21.53affected
IntelbrasInControl2.21.54affected
IntelbrasInControl2.21.55affected
IntelbrasInControl2.21.56affected
IntelbrasInControl2.21.57affected
IntelbrasInControl2.21.58affected
IntelbrasInControl2.21.59affected

Weaknesses

  • CWE-256: Unprotected Storage of Credentials
  • CWE-255: Credentials Management

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References